Class: Msf::FrameworkEventSubscriber

Inherits:
Object
  • Object
show all
Includes:
Msf::Framework::Offspring, GeneralEventSubscriber, SessionEvent, UiEventSubscriber
Defined in:
lib/msf/core/framework.rb

Instance Attribute Summary

Attributes included from Msf::Framework::Offspring

#framework

Instance Method Summary collapse

Methods included from SessionEvent

#on_session_filedelete, #on_session_interact

Methods included from GeneralEventSubscriber

#on_module_created, #on_module_load

Constructor Details

#initialize(framework) ⇒ FrameworkEventSubscriber


216
217
218
# File 'lib/msf/core/framework.rb', line 216

def initialize(framework)
  self.framework = framework
end

Instance Method Details

#module_event(name, instance, opts = {}) ⇒ Object

Generic handler for module events


231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
# File 'lib/msf/core/framework.rb', line 231

def module_event(name, instance, opts={})
  if framework.db.active
    event = {
      :workspace => framework.db.find_workspace(instance.workspace),
      :name      => name,
      :username  => instance.owner,
      :info => {
        :module_name => instance.fullname,
        :module_uuid => instance.uuid
      }.merge(opts)
    }

    report_event(event)
  end
end

#on_module_complete(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors


256
257
258
# File 'lib/msf/core/framework.rb', line 256

def on_module_complete(instance)
  module_event('module_complete', instance)
end

#on_module_error(instance, exception = nil) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors


262
263
264
# File 'lib/msf/core/framework.rb', line 262

def on_module_error(instance, exception=nil)
  module_event('module_error', instance, :exception => exception.to_s)
end

#on_module_run(instance) ⇒ Object

:category: ::Msf::GeneralEventSubscriber implementors


249
250
251
252
# File 'lib/msf/core/framework.rb', line 249

def on_module_run(instance)
  opts = { :datastore => instance.datastore.to_h }
  module_event('module_run', instance, opts)
end

#on_session_close(session, reason = '') ⇒ Object

:category: ::Msf::SessionEvent implementors


369
370
371
372
373
374
375
376
377
# File 'lib/msf/core/framework.rb', line 369

def on_session_close(session, reason='')
  session_event('session_close', session)
  if session.db_record
    # Don't bother saving here, the session's cleanup method will take
    # care of that later.
    session.db_record.close_reason = reason
    session.db_record.closed_at = Time.now.utc
  end
end

#on_session_command(session, command) ⇒ Object

:category: ::Msf::SessionEvent implementors


385
386
387
388
389
390
391
392
# File 'lib/msf/core/framework.rb', line 385

def on_session_command(session, command)
  session_event('session_command', session, :command => command)
  framework.db.report_session_event({
    :etype => 'command',
    :session => session,
    :command => command
  })
end

#on_session_download(session, rpath, lpath) ⇒ Object

:category: ::Msf::SessionEvent implementors


357
358
359
360
361
362
363
364
365
# File 'lib/msf/core/framework.rb', line 357

def on_session_download(session, rpath, lpath)
  session_event('session_download', session, :local_path => lpath, :remote_path => rpath)
  framework.db.report_session_event({
    :etype => 'download',
    :session => session,
    :local_path => lpath,
    :remote_path => rpath
  })
end

#on_session_module_run(session, mod) ⇒ Object

:category: ::Msf::SessionEvent implementors


441
442
443
444
445
446
447
# File 'lib/msf/core/framework.rb', line 441

def on_session_module_run(session, mod)
  framework.db.report_session_event({
    :etype => 'module_run',
    :session => session,
    :local_path => mod.fullname
  })
end

#on_session_open(session) ⇒ Object

:category: ::Msf::SessionEvent implementors


338
339
340
341
342
# File 'lib/msf/core/framework.rb', line 338

def on_session_open(session)
  opts = { :datastore => session.exploit_datastore.to_h, :critical => true }
  session_event('session_open', session, opts)
  framework.db.report_session(:session => session)
end

#on_session_output(session, output) ⇒ Object

:category: ::Msf::SessionEvent implementors


396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
# File 'lib/msf/core/framework.rb', line 396

def on_session_output(session, output)
  # Break up the output into chunks that will fit into the database.
  buff = output.dup
  chunks = []
  if buff.length > 1024
    while buff.length > 0
      chunks << buff.slice!(0,1024)
    end
  else
    chunks << buff
  end
  chunks.each { |chunk|
    session_event('session_output', session, :output => chunk)
    framework.db.report_session_event({
      :etype => 'output',
      :session => session,
      :output => chunk
    })
  }
end

#on_session_route(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors


419
420
421
# File 'lib/msf/core/framework.rb', line 419

def on_session_route(session, route)
  framework.db.report_session_route(session, route)
end

#on_session_route_remove(session, route) ⇒ Object

:category: ::Msf::SessionEvent implementors


425
426
427
# File 'lib/msf/core/framework.rb', line 425

def on_session_route_remove(session, route)
  framework.db.report_session_route_remove(session, route)
end

#on_session_script_run(session, script) ⇒ Object

:category: ::Msf::SessionEvent implementors


431
432
433
434
435
436
437
# File 'lib/msf/core/framework.rb', line 431

def on_session_script_run(session, script)
  framework.db.report_session_event({
    :etype => 'script_run',
    :session => session,
    :local_path => script
  })
end

#on_session_upload(session, lpath, rpath) ⇒ Object

:category: ::Msf::SessionEvent implementors


346
347
348
349
350
351
352
353
354
# File 'lib/msf/core/framework.rb', line 346

def on_session_upload(session, lpath, rpath)
  session_event('session_upload', session, :local_path => lpath, :remote_path => rpath)
  framework.db.report_session_event({
    :etype => 'upload',
    :session => session,
    :local_path => lpath,
    :remote_path => rpath
  })
end

#on_ui_command(command) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors


269
270
271
272
273
# File 'lib/msf/core/framework.rb', line 269

def on_ui_command(command)
  if framework.db.active
    report_event(:name => "ui_command", :info => {:command => command})
  end
end

#on_ui_start(rev) ⇒ Object

:category: ::Msf::UiEventSubscriber implementors


285
286
287
288
289
290
291
292
293
# File 'lib/msf/core/framework.rb', line 285

def on_ui_start(rev)
  #
  # The database is not active at startup time unless msfconsole was
  # started with a database.yml, so this event won't always be saved to
  # the db.  Not great, but best we can do.
  #
  info = { :revision => rev }
  report_event(:name => "ui_start", :info => info)
end

#on_ui_stopObject

:category: ::Msf::UiEventSubscriber implementors


277
278
279
280
281
# File 'lib/msf/core/framework.rb', line 277

def on_ui_stop()
  if framework.db.active
    report_event(:name => "ui_stop")
  end
end

#report_event(data) ⇒ Object


220
221
222
223
224
# File 'lib/msf/core/framework.rb', line 220

def report_event(data)
  if framework.db.active
    framework.db.report_event(data)
  end
end

#session_event(name, session, opts = {}) ⇒ Object

Generic handler for session events


302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
# File 'lib/msf/core/framework.rb', line 302

def session_event(name, session, opts={})
  address = session.session_host

  if not (address and address.length > 0)
    elog("Session with no session_host/target_host/tunnel_peer")
    dlog("#{session.inspect}", LEV_3)
    return
  end

  if framework.db.active
    ws = framework.db.find_workspace(session.workspace)
    event = {
      :workspace => ws,
      :username  => session.username,
      :name => name,
      :host => address,
      :info => {
        :session_id   => session.sid,
        :session_info => session.info,
        :session_uuid => session.uuid,
        :session_type => session.type,
        :username     => session.username,
        :target_host  => address,
        :via_exploit  => session.via_exploit,
        :via_payload  => session.via_payload,
        :tunnel_peer  => session.tunnel_peer,
        :exploit_uuid => session.exploit_uuid
      }.merge(opts)
    }
    report_event(event)
  end
end